Grafana won't start up on OpenShift

[fmhwong]

Bug Report

Which version of the demo you are using? opentelemetry-helm-charts b969a4f

Symptom

A clear and concise description of what the bug is.

What is the expected behavior? Following the install instruction from https://github.com/open-telemetry/opentelemetry-helm-charts/tree/main/charts/opentelemetry-demo#readme. Grafana pod should start up successfully.

What is the actual behavior? Grafana deployment was unable to start any Grafana pod.

pods "otel-demo-grafana-794f498b79-" is forbidden: unable to validate against any security context constraint: [pod.metadata.annotations[container.seccomp.security.alpha.kubernetes.io/grafana]: Forbidden: seccomp may not be set, provider restricted-v2: .spec.securityContext.fsGroup: Invalid value: []int64{472}: 472 is not an allowed group, provider restricted-v2: .containers[0].runAsUser: Invalid value: 472: must be in the ranges: 

Reproduce

1. helm repo add open-telemetry https://open-telemetry.github.io/opentelemetry-helm-charts
2. oc new-project opentelemetry-demo
3. oc create sa opentelemetry-demo
4. oc adm policy add-scc-to-user anyuid -z opentelemetry-demo
5. helm install otel-demo open-telemetry/opentelemetry-demo \
    --namespace opentelemetry-demo \
    --set serviceAccount.create=false \
    --set serviceAccount.name=opentelemetry-demo \
    --set prometheus.rbac.create=false \
    --set prometheus.serviceAccounts.server.create=false \
    --set prometheus.serviceAccounts.server.name=opentelemetry-demo \
    --set grafana.rbac.create=false \
    --set grafana.serviceAccount.create=false \
    --set grafana.serviceAccount.name=opentelemetry-demo

Ran the following additional step to resolve the problem: oc adm policy add-scc-to-user privileged -z opentelemetry-demo

We will close this issue if:

• The steps you provided are complex.
• If we can not reproduce the behavior you're reporting.

Additional Context

Environment: OpenShift version 4.15.3 with 3 master nodes and 3 worker nodes